From 37e70e30e82c8bae17451330bdaa5cf3a390afcb Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 13 Apr 2025 16:21:50 +0200
Subject: [PATCH] Update 2025-04-13_16:21:50
---
bind_add_slave_zone.sh | 42 ++++++
calculate_bitrate.sh | 46 ++++++
dnsbl.sh | 6 +
f2b-c_s-div.sh | 10 ++
f2b-c_s-drupal.sh | 10 ++
f2b-c_s-mail.sh | 10 ++
f2b-c_s-proxy.sh | 10 ++
f2b-ip.sh | 53 +++++++
f2b-jails.sh | 8 ++
f2b-status.sh | 7 +
firehol-reload-netset-blacklist.sh | 36 +++++
gitea_push.sh | 219 +++++++++++++++++++++++++++++
ipinipset.sh | 9 ++
listen_change.sh | 28 ++++
lxc-ai-package.sh | 59 ++++++++
lxc-create.sh | 34 +++++
lxc-hwaddr.sh | 23 +++
lxc_create.sh | 65 +++++++++
lxc_list_login.sh | 83 +++++++++++
lxc_list_sed.sh | 69 +++++++++
lxc_snapshot_create.sh | 53 +++++++
remove_nonexistent_rules.sh | 65 +++++++++
ssl_certificate_delete.sh | 29 ++++
updateContainer.sh | 11 ++
24 files changed, 985 insertions(+)
create mode 100755 bind_add_slave_zone.sh
create mode 100755 calculate_bitrate.sh
create mode 100755 dnsbl.sh
create mode 100755 f2b-c_s-div.sh
create mode 100755 f2b-c_s-drupal.sh
create mode 100755 f2b-c_s-mail.sh
create mode 100755 f2b-c_s-proxy.sh
create mode 100755 f2b-ip.sh
create mode 100755 f2b-jails.sh
create mode 100755 f2b-status.sh
create mode 100755 firehol-reload-netset-blacklist.sh
create mode 100755 gitea_push.sh
create mode 100755 ipinipset.sh
create mode 100755 listen_change.sh
create mode 100755 lxc-ai-package.sh
create mode 100755 lxc-create.sh
create mode 100755 lxc-hwaddr.sh
create mode 100755 lxc_create.sh
create mode 100755 lxc_list_login.sh
create mode 100755 lxc_list_sed.sh
create mode 100755 lxc_snapshot_create.sh
create mode 100755 remove_nonexistent_rules.sh
create mode 100755 ssl_certificate_delete.sh
create mode 100755 updateContainer.sh
diff --git a/bind_add_slave_zone.sh b/bind_add_slave_zone.sh
new file mode 100755
index 0000000..f52a4f1
--- /dev/null
+++ b/bind_add_slave_zone.sh
@@ -0,0 +1,42 @@
+#!/bin/zsh
+# Version 01.0
+# Script to add a new slave zone to /etc/bind/named.conf.local on ns2.dynproxy.net
+# Script Name: bind_add_slave_zone.sh
+
+# Variables
+NAMED_CONF="/etc/bind/named.conf.local"
+CACHE_DIR="/var/cache/bind"
+
+# Check if a domain name argument is provided
+if [ -z "$1" ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+DOMAIN=$1
+ZONE_FILE="$CACHE_DIR/db.$DOMAIN"
+
+# Check if the zone configuration already exists
+if grep -q "zone \"$DOMAIN\"" $NAMED_CONF; then
+ echo "Zone $DOMAIN already exists in $NAMED_CONF. Aborting!"
+ exit 2
+fi
+
+# Append zone configuration to named.conf.local
+echo "Adding slave zone configuration for $DOMAIN to $NAMED_CONF"
+cat <> $NAMED_CONF
+zone "$DOMAIN" {
+ type slave;
+ file "$ZONE_FILE";
+ masters { 23.88.113.138; };
+ allow-transfer { key "ns3-key"; };
+};
+EOF
+
+# Reload BIND configuration
+echo "Reloading BIND configuration"
+rndc reload
+
+# Success message
+echo "Slave zone for $DOMAIN has been added successfully"
+
diff --git a/calculate_bitrate.sh b/calculate_bitrate.sh
new file mode 100755
index 0000000..6ca2ff7
--- /dev/null
+++ b/calculate_bitrate.sh
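Review bot: `DOMAIN=$1` is written into `$NAMED_CONF` and into the `file` path without any validation, so an argument containing `"`, `;`, `}` or `/` changes the structure of named.conf.local or the location of the zone file. Reject anything that is not a plain DNS name before the grep, for example `[[ "$DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || { echo "invalid zone name" >&2; exit 1; }`. The duplicate check treats the name as a regular expression and leaves `$NAMED_CONF` unquoted; `grep -qF -- "zone \"$DOMAIN\"" "$NAMED_CONF"` matches it literally. Run `named-checkconf "$NAMED_CONF"` before `rndc reload` and test the status of the reload, because the success message is printed even when the reload fails. The redirection on the `cat` line appears to have lost its here-document operator on this page, so that line could not be checked.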
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# Check if the folder is provided as an argument
+if [ -z "$1" ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+VIDEO_FOLDER="$1"
+OUTPUT_FILE="bitrates.txt"
+TOTAL_BITRATE=0
+VIDEO_COUNT=0
+
+# Clear or create the output file
+> "$OUTPUT_FILE"
+
+# Function to get bitrate of a video in Mbps
+get_bitrate() {
+ local video_file="$1"
+ bitrate_kbps=$(ffprobe -v error -select_streams v:0 -show_entries stream=bit_rate -of default=noprint_wrappers=1:nokey=1 "$video_file" | head -n 1)
+ if [[ "$bitrate_kbps" =~ ^[0-9]+$ ]]; then
+ bitrate_mbps=$(echo "scale=2; $bitrate_kbps / 1000 / 1000" | bc)
+ echo "$bitrate_mbps"
+ else
+ echo "0"
+ fi
+}
+
+# Iterate through each video file in the folder
+for video_file in "$VIDEO_FOLDER"/*; do
+ if [ -f "$video_file" ]; then
+ bitrate=$(get_bitrate "$video_file")
+ echo "File: $video_file - Bitrate: ${bitrate} Mbps" | tee -a "$OUTPUT_FILE"
+ TOTAL_BITRATE=$(echo "$TOTAL_BITRATE + $bitrate" | bc)
+ ((VIDEO_COUNT++))
+ fi
+done
+
+# Calculate the average bitrate
+if [ "$VIDEO_COUNT" -gt 0 ]; then
+ AVERAGE_BITRATE=$(echo "scale=2; $TOTAL_BITRATE / $VIDEO_COUNT" | bc)
+ echo "Average Bitrate: $AVERAGE_BITRATE Mbps" | tee -a "$OUTPUT_FILE"
+else
+ echo "No video files found in the specified folder." | tee -a "$OUTPUT_FILE"
+fi
+
diff --git a/dnsbl.sh b/dnsbl.sh
new file mode 100755
index 0000000..2f6ebfa
--- /dev/null
+++ b/dnsbl.sh
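Review bot: `VIDEO_COUNT` is incremented for every regular file in the folder, and `get_bitrate` prints 0 when ffprobe reports no numeric bit rate, so non-video files and streams without a `bit_rate` value pull the average down. Count a file only when a bitrate was found, e.g. `[[ "$bitrate" != 0 ]] || continue` before the `tee` line. The variable `bitrate_kbps` holds ffprobe's `bit_rate`, which is in bits per second (the double division by 1000 already assumes that), so `bitrate_bps` would match what it contains. `bitrates.txt` is truncated in the current directory, and when that directory is also `$1` the output file is scanned as an input.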
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+cat /var/log/dnsbl-ipset/blacklist.log | cut -d ' ' -f1 | sort | uniq -c | sort -nr | mail -s "dnsbl blacklist.log 32 weekly Report `date`" srvlogz@bubuit.net
+cat /var/log/dnsbl-ipset/blacklist.log | cut -d ' ' -f1 | awk -F\. '{print $1"."$2"."$3"."}' | sort | uniq -c | sort -nr | mail -s "dnsbl blacklist.log 24 weekly Report `date`" srvlogz@bubuit.net
+cat /var/log/dnsbl-ipset/blacklist.log | cut -d ' ' -f1 | awk -F\. '{print $1"."$2"."}' | sort | uniq -c | sort -nr | mail -s "dnsbl blacklist.log 16 weekly Report `date`" srvlogz@bubuit.net
+rm /var/log/dnsbl-ipset/blacklist.log
diff --git a/f2b-c_s-div.sh b/f2b-c_s-div.sh
new file mode 100755
index 0000000..fb6535a
--- /dev/null
+++ b/f2b-c_s-div.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+F2BRULES="recidive sshd"
+echo $F2BRULES
+
+for i in $F2BRULES; do
+ echo $i
+ fail2ban-client status $i
+ echo ""
+done
diff --git a/f2b-c_s-drupal.sh b/f2b-c_s-drupal.sh
new file mode 100755
index 0000000..5090285
--- /dev/null
+++ b/f2b-c_s-drupal.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+F2BRULES="apache-badbots drupal-auth"
+echo $F2BRULES
+
+for i in $F2BRULES; do
+ echo $i
+ fail2ban-client status $i
+ echo ""
+done
diff --git a/f2b-c_s-mail.sh b/f2b-c_s-mail.sh
new file mode 100755
index 0000000..dcca7fc
--- /dev/null
+++ b/f2b-c_s-mail.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+F2BRULES="dovecot dovecot-pop3impap postfix-flood-attack postfix-rbl postfix postfix-sasl"
+echo $F2BRULES
+
+for i in $F2BRULES; do
+ echo $i
+ fail2ban-client status $i
+ echo ""
+done
diff --git a/f2b-c_s-proxy.sh b/f2b-c_s-proxy.sh
new file mode 100755
index 0000000..41405b1
--- /dev/null
+++ b/f2b-c_s-proxy.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+F2BRULES="nginx-401 nginx-http-auth nginx-nohome nginx-noproxy nginx-noscript"
+echo $F2BRULES
+
+for i in $F2BRULES; do
+ echo $i
+ fail2ban-client status $i
+ echo ""
+done
diff --git a/f2b-ip.sh b/f2b-ip.sh
new file mode 100755
index 0000000..8e67082
--- /dev/null
+++ b/f2b-ip.sh
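Review bot: The final `rm` in dnsbl.sh runs whether or not the three `mail` pipelines succeeded, and entries appended to blacklist.log between the first `cat` and the `rm` are deleted without ever being reported. Rename the log to a private snapshot first and build all three reports from that copy, removing it only after the mails were handed off, e.g. `snap=$(mktemp /var/log/dnsbl-ipset/blacklist.XXXXXX) && mv /var/log/dnsbl-ipset/blacklist.log "$snap"`. If the writer keeps the file open instead of reopening it per entry, it also needs to be told to reopen after the rename; that is not visible from this script. `cat file | cut …` can be `cut -d ' ' -f1 file`, and `$(date)` is preferred over backticks.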
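Review bot: f2b-c_s-div.sh, f2b-c_s-drupal.sh, f2b-c_s-mail.sh and f2b-c_s-proxy.sh are the same ten lines with a different `F2BRULES` string, so any fix has to be repeated in four places. One script that takes the jail names as arguments, `for i in "$@"; do fail2ban-client status "$i"; done`, covers all four, with the lists kept in small wrappers. The jail name `dovecot-pop3impap` in the mail list (and again in f2b-jails.sh) looks like a misspelling of `dovecot-pop3imap`; check it against the jail configuration, since a wrong name only shows up as an error from fail2ban-client at run time.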
@@ -0,0 +1,53 @@
+#!/bin/zsh
+
+# Function to extract the list of jails
+extract_jail_list() {
+ # Run fail2ban-client status and extract the jail list
+ JAIL_LIST=$(fail2ban-client status | awk -F'\t' '/Jail list/ {print $2}' | tr ',' '\n' | tr -d ' ')
+
+ # Check if jail list is empty
+ if [[ -z "$JAIL_LIST" ]]; then
+ echo "No jails found."
+ return 1
+ fi
+
+ echo "$JAIL_LIST"
+ return 0
+}
+
+# Function to extract and print all banned IPs
+extract_and_print_all_banned_ips() {
+ JAIL_LIST=$(extract_jail_list)
+ if [[ $? -ne 0 ]]; then
+ return 1
+ fi
+
+ ALL_BANNED_IPS=""
+
+ for JAIL in ${(f)JAIL_LIST}; do
+ STATUS_OUTPUT=$(fail2ban-client status $JAIL)
+
+ # Extract the banned IPs
+ BANNED_IP_LIST=$(echo "$STATUS_OUTPUT" | grep -oP '(?<=Banned IP list:\t).*')
+ if [[ -n "$BANNED_IP_LIST" ]]; then
+ ALL_BANNED_IPS+="$BANNED_IP_LIST "
+ fi
+ done
+
+ # Print all found IPs
+ echo "$ALL_BANNED_IPS" | tr ' ' '\n'
+}
+
+# Function to filter the IPs based on the provided argument
+filter_ips() {
+ SEARCH_IP=$1
+ extract_and_print_all_banned_ips | grep "$SEARCH_IP"
+}
+
+# Main execution
+if [[ $# -gt 0 ]]; then
+ filter_ips $1
+else
+ extract_and_print_all_banned_ips
+fi
+
diff --git a/f2b-jails.sh b/f2b-jails.sh
new file mode 100755
index 0000000..9c1b203
--- /dev/null
+++ b/f2b-jails.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+for i in dovecot dovecot-pop3impap nginx-401 nginx-http-auth nginx-nohome nginx-noproxy nginx-noscript postfix postfix-flood-attack postfix-rbl postfix-sasl recidive sshd
+do
+ echo " "
+ fail2ban-client status $i
+ echo " "
+done
diff --git a/f2b-status.sh b/f2b-status.sh
new file mode 100755
index 0000000..0c71665
--- /dev/null
+++ b/f2b-status.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+list=$(fail2ban-client status | grep list | cut -d ":" -f2 | tr -d ',')
+
+for i in $list; do
+ fail2ban-client status $i
+done
diff --git a/firehol-reload-netset-blacklist.sh b/firehol-reload-netset-blacklist.sh
new file mode 100755
index 0000000..174ea2c
--- /dev/null
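Review bot: `grep "$SEARCH_IP"` in `filter_ips` treats the address as an unanchored regular expression, so a lookup for `1.2.3.4` also reports `1.2.3.40` or `11.2.3.4`, and an operator can conclude that an address is banned when it is not. Use a literal match, `grep -Fx -- "$SEARCH_IP"` for an exact address (or `grep -F --` when substring search is wanted), and quote the argument at the call site as `filter_ips "$1"`. ipinipset.sh has the same pattern in `grep "^$1"`, where the dots are wildcards and an empty argument prints every member of every set. In `extract_jail_list` the "No jails found." text goes to stdout inside a command substitution; sending it to stderr makes it visible to the operator.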
+++ b/firehol-reload-netset-blacklist.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Define your ipset name
+IPSET_NAME="blacklist"
+
+# Path to your list of IP network ranges, one per line
+IP_LIST_PATH="/etc/firehol/blacklist.netset"
+
+# Function to check if a string is a CIDR network range specifically for /24
+is_cidr_24() {
+ local CIDR=$1
+ if [[ $CIDR =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/24$ ]]; then
+ return 0 # True
+ else
+ return 1 # False
+ fi
+}
+
+# Clear the existing ipset
+ipset flush "$IPSET_NAME"
+
+# Repopulate the ipset
+while IFS= read -r LINE; do
+ # Skip empty lines and lines starting with #
+ [[ -z "$LINE" ]] || [[ "$LINE" =~ ^# ]] && continue
+
+ if is_cidr_24 "$LINE"; then
+ # It's a CIDR /24 network range, add to blacklist
+ ipset add "$IPSET_NAME" "$LINE" 2>/dev/null
+ else
+ echo "Skipping unrecognized format: $LINE"
+ fi
+done < "$IP_LIST_PATH"
+
+echo "Ipset $IPSET_NAME reloaded with networks from $IP_LIST_PATH"
+
diff --git a/gitea_push.sh b/gitea_push.sh
new file mode 100755
index 0000000..0bca28e
--- /dev/null
+++ b/gitea_push.sh
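Review bot: `ipset flush "$IPSET_NAME"` empties the live set before the new entries are read, so the blacklist matches nothing while the loop runs and stays empty when `$IP_LIST_PATH` is missing or unreadable. Fill a temporary set and exchange it with `ipset swap`, as sketched below; the set type shown is an assumption and has to match the live set. `is_cidr_24` accepts only `/24`, so single addresses and every other prefix length in blacklist.netset are skipped, and with `2>/dev/null` on `ipset add` a rejected entry leaves no trace while the final message reports a reload regardless. If the file is meant to carry general netsets, the /24 restriction should be documented at the top or widened.

```shell
# … unchanged: IPSET_NAME, IP_LIST_PATH, is_cidr_24 …
TMP_SET="${IPSET_NAME}-new"
[[ -r "$IP_LIST_PATH" ]] || { echo "Cannot read $IP_LIST_PATH" >&2; exit 1; }

# Assumed type: create the temporary set with the live set's type and options.
ipset create "$TMP_SET" hash:net -exist
ipset flush "$TMP_SET"

while IFS= read -r LINE; do
  # … unchanged: skip blank and comment lines …
  if is_cidr_24 "$LINE"; then
    ipset add "$TMP_SET" "$LINE" || echo "ipset add failed: $LINE" >&2
  # … unchanged: else branch reporting the skipped line …
  fi
done < "$IP_LIST_PATH"

# Exchange the sets in one step so the live set is never empty.
ipset swap "$TMP_SET" "$IPSET_NAME"
ipset destroy "$TMP_SET"
```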
@@ -0,0 +1,219 @@
+#!/bin/zsh
+# Script Version: 1.5
+# Description: Pushes the current folder (e.g. /etc) to a nested Gitea repo using provided nesting arguments. Auto-creates the remote repo via Gitea API if missing.
+
+# Set variables
+# ========
+
+# Try to extract GITEA_API_TOKEN from ~/.gitea_token if not set
+if [ -z "$GITEA_API_TOKEN" ] && [ -f "$HOME/.gitea_token" ]; then
+ GITEA_API_TOKEN=$(<"$HOME/.gitea_token")
+ export GITEA_API_TOKEN
+fi
+
+GITEA_USER=$(awk '{for(i=1;i<=NF;i++) if($i=="login") print $(i+1)}' ~/.netrc | head -n1)
+if [ -z "$GITEA_USER" ]; then
+ echo "[ERROR] No login found in ~/.netrc"
+ exit 1
+fi
+
+GITEA_URL="https://$(awk '{for(i=1;i<=NF;i++) if($i=="machine") print $(i+1)}' ~/.netrc | head -n1)"
+if [ -z "$GITEA_URL" ]; then
+ echo "[ERROR] No URL found in ~/.netrc"
+ exit 1
+fi
+GITEA_API_URL="$GITEA_URL/api/v1"
+
+PRIVATE=false
+DEBUG=false
+COMMIT_MESSAGE="Update $(date +"%F_%T")"
+
+# Logging function
+# ========
+log() {
+ local level="$1"; shift
+ if [[ "$level" == "DEBUG" && "$DEBUG" != true ]]; then return; fi
+ local color_reset="$(tput sgr0)"
+ local color=""
+ case "$level" in
+ INFO) color="$(tput setaf 2)" ;; # green
+ WARNING) color="$(tput setaf 3)" ;; # yellow
+ ERROR) color="$(tput setaf 1)" ;; # red
+ DEBUG) color="$(tput setaf 4)" ;; # blue
+ esac
+ echo "${color}[$level] $*${color_reset}"
+}
+
+# Functions
+# ========
+create_repo() {
+ log INFO "Repository does not exist. Creating via API: $REMOTE_PATH"
+ log DEBUG "POST $GITEA_API_URL/user/repos with name=$REMOTE_PATH and private=$PRIVATE"
+ RESPONSE=$(curl -s -X POST \
+ -H "Authorization: token $GITEA_API_TOKEN" \
+ -H "Content-Type: application/json" \
+ -d "{\"name\": \"$FOLDER_NAME\", \"private\": $PRIVATE}" \
+ "$GITEA_API_URL/user/repos")
+
+ if echo "$RESPONSE" | grep -q '"clone_url"'; then
+ log INFO "Remote repository created successfully."
+ HTTP_STATUS=200
+ else
+ log ERROR "Failed to create remote repository: $RESPONSE"
+ exit 1
+ fi
+}
+
+prepare_commit() {
+ git add .
+ if git diff --quiet HEAD && ! git rev-parse --verify HEAD >/dev/null 2>&1; then
+ log INFO "Creating initial commit"
+ git commit -m "$COMMIT_MESSAGE"
+ elif ! git diff --quiet HEAD; then
+ log INFO "Committing changes"
+ git commit -m "$COMMIT_MESSAGE"
+ else
+ log INFO "Nothing to commit"
+ fi
+}
+
+setup_remote() {
+ if git remote | grep -q '^origin$'; then
+ log INFO "Updating remote origin URL"
+ git remote set-url origin "$GIT_REMOTE"
+ else
+ log INFO "Adding remote origin"
+ git remote add origin "$GIT_REMOTE"
+ fi
+}
+
+push_changes() {
+ log INFO "Pushing to $GIT_REMOTE"
+ git push -u origin main
+}
+
+# Show help if no arguments are given
+# ========
+if [ $# -eq 0 ]; then
+ echo "GITEA_API_TOKEN="
+ echo "Usage: $0 [--private] [--debug] [--message \"your commit message\"] "
+ echo "Example: $0 server"
+ echo " $0 --private workstation"
+ echo " $0 --debug server"
+ echo " $0 --message \"minor update\" server"
+ echo
+ echo "Note: You must cd into the target folder before running this script."
+ echo "For example:"
+ echo " cd /etc && $0 server"
+ echo
+ echo "Authentication:"
+ echo " Git operations (clone, push, pull) use ~/.netrc with your Git password:"
+ echo " machine \$(echo \"$GITEA_URL\" | sed 's|https\?://||') login $GITEA_USER password \"\""
+ echo " chmod 600 ~/.netrc"
+ echo
+ echo " API operations (e.g. creating repos) use a Personal Access Token stored in ~/.gitea_token"
+ echo " echo \"\" > ~/.gitea_token && chmod 600 ~/.gitea_token"
+ exit 0
+fi
+
+# Parse arguments
+# ========
+POSITIONAL_ARGS=()
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ --private)
+ PRIVATE=true
+ shift
+ ;;
+ --debug)
+ DEBUG=true
+ shift
+ ;;
+ --message)
+ COMMIT_MESSAGE="$2"
+ shift 2
+ ;;
+ *)
+ POSITIONAL_ARGS+=("$1")
+ shift
+ ;;
+ esac
+done
+
+set -- "${POSITIONAL_ARGS[@]}"
+
+if [[ $# -ne 1 ]]; then
+ echo "Usage: $0 [--private] [--debug] [--message \"your commit message\"] "
+ exit 1
+fi
+
+HOST_GROUP=$(echo "$1" | tr '[:upper:]' '[:lower:]' | tr -cd 'a-z0-9-')
+HOST_NAME=$(hostname -s | tr '[:upper:]' '[:lower:]' | tr -cd 'a-z0-9-')
+FOLDER_NAME="${HOST_NAME}-${HOST_GROUP}-$(basename "$PWD")"
+REPO_PATH="$PWD"
+REMOTE_PATH="$FOLDER_NAME"
+GIT_REMOTE="$GITEA_URL/$GITEA_USER/$FOLDER_NAME.git"
+
+# Git authentication hint
+log DEBUG "Ensure ~/.netrc has: machine login $GITEA_USER password "
+
+# Check or create remote repo
+check_or_create_repo() {
+ if [ -z "$GITEA_API_TOKEN" ]; then
+ log WARNING "GITEA_API_TOKEN is not set. Skipping API repo creation."
+ return
+ fi
+
+ HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
+ -H "Authorization: token $GITEA_API_TOKEN" \
+ "$GITEA_API_URL/repos/$GITEA_USER/$FOLDER_NAME")
+
+ if [ "$HTTP_STATUS" -ne 200 ]; then
+ create_repo
+ else
+ log INFO "Remote repository already exists."
+ fi
+}
+
+
+check_or_create_repo
+
+# Main Process
+# ========
+
+# Safety check against pushing from / or $HOME
+if [[ "$PWD" == "$HOME" || "$PWD" == "/" ]]; then
+ log ERROR "Refusing to run inside \$PWD=$PWD"
+ exit 1
+fi
+log INFO "Pushing $REPO_PATH to $GIT_REMOTE"
+cd "$REPO_PATH" || { log ERROR "Directory $REPO_PATH not found"; exit 1; }
+
+# Initialize git if needed
+# Branch is fixed to 'main' for simplicity and consistency
+if [ ! -d .git ]; then
+ log INFO "Initializing Git repo"
+ git init
+ git config init.defaultBranch main
+ git checkout -b main
+else
+ log DEBUG ".git directory already present"
+fi
+
+# Ensure at least one commit exists
+prepare_commit
+
+# Set or update remote
+if [ "$HTTP_STATUS" -eq 200 ]; then
+ setup_remote
+else
+ log WARNING "Skipping remote setup – repository does not exist."
+fi
+
+# Push to remote
+if [ "$HTTP_STATUS" -eq 200 ]; then
+ push_changes
+else
+ log WARNING "Skipping push – repository does not exist."
+fi
+
diff --git a/ipinipset.sh b/ipinipset.sh
new file mode 100755
index 0000000..c06b1ee
--- /dev/null
+++ b/ipinipset.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+IPSETS=$(ipset list -n| sort)
+
+for i in $IPSETS; do
+ echo $i
+ ipset list $i | grep "^$1"
+# echo ""
+done
diff --git a/listen_change.sh b/listen_change.sh
new file mode 100755
index 0000000..abe4f04
--- /dev/null
+++ b/listen_change.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+# Script Version: 01
+# Description: Replaces 'listen 443 ssl' with 'listen 80' in Nginx configuration files under /etc/nginx/sites-enabled/
+
+# Directory containing Nginx site configurations
+CONFIG_DIR="/etc/nginx/sites-enabled"
+
+# Iterate over each file in the configuration directory
+for FILE in "$CONFIG_DIR"/*; do
+ # Check if the file is a regular file
+ if [ -f "$FILE" ]; then
+ # Replace 'listen 443 ssl' with 'listen 80'
+ sed -i 's/listen 443 ssl;/listen 80;/g' "$FILE"
+ fi
+done
+
+# Test Nginx configuration
+nginx -t
+
+# Check if the configuration test was successful
+if [ $? -eq 0 ]; then
+ # Reload Nginx to apply changes
+ systemctl reload nginx
+ echo "Nginx reloaded successfully."
+else
+ echo "Nginx configuration test failed. Please check the configuration files."
+fi
+
diff --git a/lxc-ai-package.sh b/lxc-ai-package.sh
new file mode 100755
index 0000000..b25941e
--- /dev/null
+++ b/lxc-ai-package.sh
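Review bot: `PRIVATE=false` is the default in gitea_push.sh, so a run without `--private` creates the remote repository publicly readable, and `prepare_commit` runs `git add .` on whatever directory the script is started in; the usage text's own example is `cd /etc`. A system configuration directory commonly holds password hashes, private keys and service credentials, so the safe default is `PRIVATE=true` with an explicit `--public` switch, plus a `.gitignore` or an explicit path list before the first `git add`. The API token is passed to curl as `-H "Authorization: token $GITEA_API_TOKEN"` on the command line, where it is visible in the process list; curl can read headers from a file instead (`-H @file`). `HTTP_STATUS` is never set when the token is missing, so the later `[ "$HTTP_STATUS" -eq 200 ]` tests raise an error instead of reaching the warning branch cleanly; initialise it with `HTTP_STATUS=0`. The `$(basename "$PWD")` part of `FOLDER_NAME` goes into the JSON body and the URL unfiltered, unlike the host and group parts, which pass through `tr -cd 'a-z0-9-'`.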
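Review bot: The loop in listen_change.sh rewrites every file under sites-enabled in place before `nginx -t` runs and keeps no copy, so a failed test leaves the files modified with nothing to roll back to, and on success every site that listened on 443 is served over plain HTTP only. Copy the files to a backup location outside sites-enabled first (nginx typically includes every file in that directory, backups too) and restore them in the failure branch. Entries in sites-enabled are commonly symlinks to sites-available, and GNU `sed -i` replaces a symlink with a regular file unless told otherwise: `sed -i --follow-symlinks 's/listen 443 ssl;/listen 80;/g' "$FILE"`. ssl_certificate_delete.sh uses the same edit-then-test sequence and needs the same two changes.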
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# Check if a package name is provided
+if [ -z "$1" ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+PACKAGE_NAME="$1"
+
+# Function to log messages with timestamp
+log_message() {
+ echo "$(date +"%Y-%m-%d %H:%M:%S") - $1"
+}
+
+# Function to check if a container is running
+is_container_running() {
+ local container=$1
+ lxc-info -n "$container" | grep -q 'RUNNING'
+}
+
+# List all running Linux containers
+containers=$(lxc-ls -f G RUNNING | awk 'NR>1 {print $1}')
+
+# Install the package inside each container
+install_package_in_container() {
+ local container=$1
+ local package=$2
+
+ if is_container_running "$container"; then
+ log_message "Installing $package in container: $container"
+
+ lxc-attach -n "$container" -- apt update > /tmp/${container}_apt_update.log 2>&1
+ if [[ $? -ne 0 ]]; then
+ log_message "Failed to update APT in container: $container. Check /tmp/${container}_apt_update.log for details."
+ return 1
+ fi
+
+ lxc-attach -n "$container" -- apt install -y "$package" > /tmp/${container}_apt_install_${package}.log 2>&1
+ if [[ $? -ne 0 ]]; then
+ log_message "Failed to install $package in container: $container. Check /tmp/${container}_apt_install_${package}.log for details."
+ return 1
+ fi
+
+ log_message "Successfully installed $package in container: $container"
+ else
+ log_message "Container $container is not running. Skipping."
+ fi
+}
+
+export -f log_message
+export -f is_container_running
+export -f install_package_in_container
+
+# Process each container in parallel
+echo "$containers" | xargs -I{} -n1 -P4 bash -c 'install_package_in_container "{}" "$PACKAGE_NAME"' _ "$PACKAGE_NAME"
+
+log_message "All containers have been processed."
+
diff --git a/lxc-create.sh b/lxc-create.sh
new file mode 100755
index 0000000..87966a7
--- /dev/null
+++ b/lxc-create.sh
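Review bot: In the `xargs` line the child `bash -c` expands `"$PACKAGE_NAME"`, but that variable is never exported, so `install_package_in_container` is called with an empty package name; the value arrives only as `$1` and is not used. The container name is also pasted into the command string through `"{}"`, which lets shell metacharacters in a name be interpreted as code. Pass both as positional parameters: `printf '%s\n' "$containers" | xargs -P4 -I{} bash -c 'install_package_in_container "$1" "$2"' _ {} "$PACKAGE_NAME"`. The logs are written as root to fixed names such as `/tmp/${container}_apt_update.log`, which another local user can pre-create as a symlink; put them in a directory from `mktemp -d` or under /var/log. `lxc-ls -f G RUNNING` here and in updateContainer.sh contains a bare `G` that looks like a lost `| grep`; as written it is handed to lxc-ls as an argument.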
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+LXCHOSTNAME=drupal24
+
+lxc-stop -n drupal10
+lxc-copy -n drupal10 -N $LXCHOSTNAME
+
+# Funktion zur Generierung einer einzigartigen MAC-Adresse
+generate_unique_hwaddr() {
+ local hwaddr
+ local existing_hwaddrs
+ while : ; do
+ hwaddr=$(printf '00:16:3e:%02x:%02x:%02x\n' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)))
+ existing_hwaddrs=$(grep "lxc.net.0.hwaddr" /var/lib/lxc/*/config | grep "$hwaddr")
+ if [ -z "$existing_hwaddrs" ]; then
+ # MAC-Adresse ist einzigartig
+ echo "$hwaddr"
+ return
+ fi
+ done
+}
+
+# Generiere eine einzigartige MAC-Adresse
+NEW_HWADDR=$(generate_unique_hwaddr)
+
+# Pfad zur LXC-Konfigurationsdatei
+CONFIG_FILE="/var/lib/lxc/$LXCHOSTNAME/config"
+
+# Ersetze die existierende hwaddr Zeile
+sed -i "/^lxc.net.0.hwaddr/c\lxc.net.0.hwaddr = $NEW_HWADDR" "$CONFIG_FILE"
+
+#echo "MAC-Adresse in $CONFIG_FILE auf $NEW_HWADDR aktualisiert."
+
+lxc-start -n drupal10
diff --git a/lxc-hwaddr.sh b/lxc-hwaddr.sh
new file mode 100755
index 0000000..0f5e161
--- /dev/null
+++ b/lxc-hwaddr.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Funktion zur Generierung einer einzigartigen MAC-Adresse
+generate_unique_hwaddr() {
+ local hwaddr
+ local existing_hwaddrs
+ while : ; do
+ hwaddr=$(printf '00:16:3e:%02x:%02x:%02x\n' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)))
+ existing_hwaddrs=$(grep "lxc.net.0.hwaddr" /var/lib/lxc/*/config | grep "$hwaddr")
+ if [ -z "$existing_hwaddrs" ]; then
+ # MAC-Adresse ist einzigartig
+ echo "$hwaddr"
+ return
+ fi
+ done
+}
+
+# Generiere eine einzigartige MAC-Adresse
+NEW_HWADDR=$(generate_unique_hwaddr)
+
+grep "lxc.net.0.hwaddr" /var/lib/lxc/*/config | awk '{print $3}'
+echo "$NEW_HWADDR new hwaddr"
+
diff --git a/lxc_create.sh b/lxc_create.sh
new file mode 100755
index 0000000..e8fa0be
--- /dev/null
+++ b/lxc_create.sh
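Review bot: The last line of lxc-create.sh starts `drupal10` again, but the clone `$LXCHOSTNAME` made by `lxc-copy` is never started, and `lxc-copy` is not checked, so a failed copy is followed by `sed -i` on a config file that does not exist. Add `|| exit 1` after `lxc-copy -n drupal10 -N "$LXCHOSTNAME"` and say in a comment whether leaving the clone stopped is intended. `generate_unique_hwaddr` is copied verbatim into lxc-hwaddr.sh and lxc_create.sh; a shared file sourced by all three keeps the copies in step. The comments in this file and in lxc-hwaddr.sh are in German while the sibling scripts use English.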
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+read -e -p "LXCHOSTNAME: " LXCHOSTNAME
+export LXCHOSTNAME
+
+# Stop the template container
+lxc-stop -n template
+
+# Copy the template to create a new container with the given hostname
+lxc-copy -n template -N "$LXCHOSTNAME"
+
+# Function to generate a unique MAC address
+generate_unique_hwaddr() {
+ local hwaddr
+ local existing_hwaddrs
+ while : ; do
+ hwaddr=$(printf '00:16:3e:%02x:%02x:%02x\n' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)))
+ existing_hwaddrs=$(grep "lxc.net.0.hwaddr" /var/lib/lxc/*/config | grep "$hwaddr")
+ if [ -z "$existing_hwaddrs" ]; then
+ # MAC address is unique
+ echo "$hwaddr"
+ return
+ fi
+ done
+}
+
+# Generate a unique MAC address
+NEW_HWADDR=$(generate_unique_hwaddr)
+
+# Path to the LXC configuration file
+CONFIG_FILE="/var/lib/lxc/$LXCHOSTNAME/config"
+
+# Replace the existing hwaddr line
+sed -i "/^lxc.net.0.hwaddr/c\lxc.net.0.hwaddr = $NEW_HWADDR" "$CONFIG_FILE"
+
+echo "MAC address in $CONFIG_FILE updated to $NEW_HWADDR."
+
+# Start the new container
+lxc-start -n "$LXCHOSTNAME"
+
+# Wait for the container to start
+sleep 5
+
+# Change the hostname inside the container
+lxc-attach -n "$LXCHOSTNAME" -- bash -c "echo '$LXCHOSTNAME' > /etc/hostname"
+lxc-attach -n "$LXCHOSTNAME" -- hostname "$LXCHOSTNAME"
+
+# Update /etc/hosts
+lxc-attach -n "$LXCHOSTNAME" -- bash -c "echo '127.0.0.1 $LXCHOSTNAME' >> /etc/hosts"
+
+# Ensure the container has internet access (optional, check and adjust if needed)
+lxc-attach -n "$LXCHOSTNAME" -- ping -c 4 google.com
+echo
+
+# Stop and restart the container
+lxc-stop -n "$LXCHOSTNAME"
+lxc-start -n "$LXCHOSTNAME"
+
+# Display the MAC addresses to verify the changes
+grep lxc.net.0.hwaddr /var/lib/lxc/*/config
+
+# Wait and list containers to ensure they are running
+sleep 9
+lxc-ls -f
+
diff --git a/lxc_list_login.sh b/lxc_list_login.sh
new file mode 100755
index 0000000..97c18cf
--- /dev/null
+++ b/lxc_list_login.sh
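Review bot: `LXCHOSTNAME` comes straight from `read` and is then used in `/var/lib/lxc/$LXCHOSTNAME/config` and inside `bash -c "echo '$LXCHOSTNAME' > /etc/hostname"`, so a value containing `/`, `..` or a single quote edits another container's config or runs extra commands as root inside the new container. Validate it right after the prompt, e.g. `[[ "$LXCHOSTNAME" =~ ^[A-Za-z0-9][A-Za-z0-9-]*$ ]] || { echo "invalid container name" >&2; exit 1; }`, and pass it as an argument instead of interpolating it: `lxc-attach -n "$LXCHOSTNAME" -- sh -c 'printf "%s\n" "$1" > /etc/hostname' _ "$LXCHOSTNAME"`. `lxc-copy` is not checked, so on failure the script carries on to `sed -i` and `lxc-start` for a container that was not created. The template container is stopped at the top and never started again, which deserves a comment if it is intended.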
@@ -0,0 +1,83 @@
+#!/bin/bash
+# =============================================================================
+# Script Name: lxc_list_login.sh
+# Version: 1.2
+# Description: Lists LXC containers, checks their statuses, and allows login.
+# =============================================================================
+
+# Required commands
+REQUIRED_CMDS=("lxc-ls" "lxc-info" "lxc-start" "lxc-attach")
+
+# Check if required commands are available
+for CMD in "${REQUIRED_CMDS[@]}"; do
+ if ! command -v "$CMD" &> /dev/null; then
+ echo "The command $CMD is not installed. Please install it and try again."
+ exit 1
+ fi
+done
+
+# List and check LXC containers
+echo "List of all LXC containers:"
+CONTAINERS=($(lxc-ls -f | awk 'NR>1 && $1 != "" {print $1}'))
+
+# Check if there are any containers
+if [[ ${#CONTAINERS[@]} -eq 0 ]]; then
+ echo "There are no LXC containers."
+ exit 1
+fi
+
+# Display containers and their status
+printf "\n%-5s %-20s %-10s\n" "Index" "Container Name" "Status"
+echo "------------------------------------------"
+for (( I=0; I<${#CONTAINERS[@]}; I++ )); do
+ LXCHOSTNAME="${CONTAINERS[$I]}"
+ if [[ -n "$LXCHOSTNAME" ]]; then
+ STATUS=$(lxc-info --name="$LXCHOSTNAME" | grep "State" | awk '{print $2}')
+ printf "%-5d %-20s %-10s\n" "$I" "$LXCHOSTNAME" "$STATUS"
+ fi
+done
+
+# Prompt user to select a container
+read -p "Select a container to log in (0-$(( ${#CONTAINERS[@]} - 1 ))): " SELECTION
+
+# Validate selection
+if [[ $SELECTION =~ ^[0-9]+$ ]] && [[ $SELECTION -ge 0 && $SELECTION -lt ${#CONTAINERS[@]} ]]; then
+ LXCHOSTNAME="${CONTAINERS[$SELECTION]}"
+ STATUS=$(lxc-info --name="$LXCHOSTNAME" | grep "State" | awk '{print $2}')
+
+ if [[ $STATUS == "STOPPED" ]]; then
+ read -p "Container $LXCHOSTNAME is stopped. Do you want to start it? (y/n) " START_SELECTION
+ if [[ $START_SELECTION == "y" ]]; then
+ echo "Starting the container $LXCHOSTNAME..."
+ if lxc-start --name="$LXCHOSTNAME"; then
+ echo "Container $LXCHOSTNAME has been started."
+ for i in {1..10}; do
+ STATUS=$(lxc-info --name="$LXCHOSTNAME" | grep "State" | awk '{print $2}')
+ if [[ $STATUS == "RUNNING" ]]; then
+ break
+ fi
+ sleep 1
+ done
+ if [[ $STATUS != "RUNNING" ]]; then
+ echo "Container $LXCHOSTNAME failed to start within the timeout period."
+ exit 1
+ fi
+ else
+ echo "Error starting the container $LXCHOSTNAME."
+ exit 1
+ fi
+ else
+ echo "Container $LXCHOSTNAME was not started."
+ exit 1
+ fi
+ fi
+ echo "Logging into the container $LXCHOSTNAME..."
+ if ! lxc-attach --name="$LXCHOSTNAME"; then
+ echo "Error logging into the container $LXCHOSTNAME."
+ exit 1
+ fi
+else
+ echo "Invalid selection. Please run the script again and choose a valid number."
+ exit 1
+fi
+
diff --git a/lxc_list_sed.sh b/lxc_list_sed.sh
new file mode 100755
index 0000000..c5fc87e
--- /dev/null
+++ b/lxc_list_sed.sh
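Review bot: The state lookup `lxc-info --name="$LXCHOSTNAME" | grep "State" | awk '{print $2}'` appears three times in lxc_list_login.sh; a small function such as `container_state() { lxc-info -n "$1" -s -H; }` removes the duplication and the dependence on the human-readable layout, assuming the installed lxc-info supports those options. `CONTAINERS=($(lxc-ls -f | awk …))` relies on word splitting of a formatted table, whereas `mapfile -t CONTAINERS < <(lxc-ls -1)` reads one name per line. Both `read -p` prompts should use `read -r` so that backslashes in the input are not interpreted.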
@@ -0,0 +1,69 @@
+#!/bin/bash
+# =============================================================================
+# Script Name: lxc_list_sed.sh
+# Version: 1.10
+# Description: This script lists all LXC containers, checks their statuses, and
+# updates the SENDMAILTO field in /etc/logcheck/logcheck.conf for
+# running containers. It includes error handling and logging.
+# =============================================================================
+
+# 01 Required commands
+REQUIRED_CMDS=("lxc-ls" "lxc-info" "lxc-attach" "lxc-start")
+
+# 02 Check if required commands are available
+for CMD in "${REQUIRED_CMDS[@]}"; do
+ if ! command -v $CMD &> /dev/null; then
+ echo "Command $CMD is not installed. Please install it and try again."
+ exit 1
+ fi
+done
+
+# 03 Function to check if a container is running
+is_container_running() {
+ local CONTAINER=$1
+ if lxc-info -n "$CONTAINER" | grep -q 'RUNNING'; then
+ echo "$CONTAINER is running."
+ return 0 # Container is running
+ else
+ echo "$CONTAINER is not running or does not exist."
+ return 1 # Container is not running
+ fi
+}
+
+# 04 List all running Linux containers
+list_running_containers() {
+ local CONTAINERS=($(lxc-ls -f | awk '$2 == "RUNNING" {print $1}'))
+ echo ${CONTAINERS[@]}
+}
+
+# 05 Update SENDMAILTO in /etc/logcheck/logcheck.conf for running LXC containers
+update_sendmailto() {
+ local NEW_EMAIL="logcheck+srvlogz@bubuit.net"
+ local RUNNING_CONTAINERS=($@) # Get the list of running containers as arguments
+
+ for CONTAINER in "${RUNNING_CONTAINERS[@]}"; do
+ echo "Attempting to update SENDMAILTO in $CONTAINER"
+ if lxc-attach -n "$CONTAINER" -- bash -c "[ -f /etc/logcheck/logcheck.conf ]"; then
+ if lxc-attach -n "$CONTAINER" -- bash -c "sed -i 's/^SENDMAILTO.*/SENDMAILTO=\"$NEW_EMAIL\"/' /etc/logcheck/logcheck.conf"; then
+ echo "Successfully updated SENDMAILTO in $CONTAINER"
+ else
+ echo "Failed to update SENDMAILTO in $CONTAINER"
+ fi
+ else
+ echo "/etc/logcheck/logcheck.conf does not exist in $CONTAINER"
+ fi
+ sleep 1 # Introduce a sleep to avoid running too fast
+ done
+}
+
+# 06 Main script execution
+RUNNING_CONTAINERS=$(list_running_containers)
+echo -e "\nRunning Containers: ${RUNNING_CONTAINERS[@]}"
+echo -ne "\n"
+
+if [ -n "$RUNNING_CONTAINERS" ]; then
+ update_sendmailto ${RUNNING_CONTAINERS[@]}
+else
+ echo "No running containers found."
+fi
+
diff --git a/lxc_snapshot_create.sh b/lxc_snapshot_create.sh
new file mode 100755
index 0000000..789eee7
--- /dev/null
+++ b/lxc_snapshot_create.sh
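Review bot: The header of lxc_list_sed.sh promises error handling and logging, but `is_container_running` is defined and never called, `lxc-start` is required although nothing starts a container, and a failed update is only echoed, so the script's exit status does not reflect it. `update_sendmailto` overwrites `SENDMAILTO` in every running container with a hard-coded address and keeps no copy of the previous value; take the address from an argument or a constant at the top of the file and use `sed -i.bak` inside the container so the old setting can be recovered. `RUNNING_CONTAINERS` is assigned as a plain string and then expanded as `${RUNNING_CONTAINERS[@]}`, which works only through word splitting; `mapfile -t RUNNING_CONTAINERS < <(lxc-ls -1 --running)` makes it a real array.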
@@ -0,0 +1,53 @@
+#!/bin/bash
+# v01
+
+# List and check LXC containers
+echo "Listing all LXC containers..."
+CONTAINERS=($(lxc-ls -1))
+
+# Check if there are any containers
+if [[ ${#CONTAINERS[@]} -eq 0 ]]; then
+ echo "There are no LXC containers."
+ exit 1
+fi
+
+echo "Found ${#CONTAINERS[@]} container(s): ${CONTAINERS[@]}"
+echo "----------------------------------"
+
+# Loop over each container
+for LXCHOSTNAME in "${CONTAINERS[@]}"; do
+ echo "Processing container: $LXCHOSTNAME"
+
+ # Stop the container
+ echo "Stopping container $LXCHOSTNAME..."
+ if ! lxc-stop -n "$LXCHOSTNAME"; then
+ echo "Failed to stop container $LXCHOSTNAME"
+ continue
+ fi
+
+ # Create a snapshot (using default directory)
+ echo "Creating snapshot for $LXCHOSTNAME..."
+ if ! lxc-snapshot -n "$LXCHOSTNAME"; then
+ echo "Failed to create snapshot for $LXCHOSTNAME"
+ # Optionally, start the container back up if snapshot fails
+ lxc-start -n "$LXCHOSTNAME"
+ continue
+ fi
+
+ # Start the container
+ echo "Starting container $LXCHOSTNAME..."
+ if ! lxc-start -n "$LXCHOSTNAME"; then
+ echo "Failed to start container $LXCHOSTNAME"
+ continue
+ fi
+
+ # List snapshots for the container
+ echo "Listing snapshots for $LXCHOSTNAME..."
+ lxc-snapshot -n "$LXCHOSTNAME" -L
+ echo "----------------------------------"
+
+ echo "Finished processing $LXCHOSTNAME"
+ echo "=================================="
+done
+
+lxc-ls -f
diff --git a/remove_nonexistent_rules.sh b/remove_nonexistent_rules.sh
new file mode 100755
index 0000000..c43c546
--- /dev/null
+++ b/remove_nonexistent_rules.sh
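Review bot: `lxc-stop` is run on every container from `lxc-ls -1` without looking at its state first, so a container that is already stopped makes the stop step fail and the loop takes the `continue` branch; stopped containers are therefore never snapshotted. Record the state before stopping, e.g. `state=$(lxc-info -n "$LXCHOSTNAME" -s -H)`, stop only when it is `RUNNING`, and start the container again only in that case so that containers which were down stay down. The script ends with the status of `lxc-ls -f` even when every snapshot failed; count the failures and exit non-zero so that a cron job or caller notices.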
@@ -0,0 +1,65 @@
+#!/bin/zsh
+# Script Version: 01
+# Description: Removes non-existent rules from SpamAssassin local.cf configuration file.
+
+# Variables
+# ========
+CONFIG_FILE="/etc/mail/spamassassin/local.cf"
+BACKUP_FILE="/etc/mail/spamassassin/local.cf.bak"
+TEMP_FILE=$(mktemp /tmp/local.cf.temp.XXXXXX)
+
+# Backup original config
+# ========
+if ! cp "$CONFIG_FILE" "$BACKUP_FILE"; then
+ echo "Error: Backup of $CONFIG_FILE to $BACKUP_FILE failed. Aborting." >&2
+ exit 1
+fi
+echo "Backup of local.cf saved to $BACKUP_FILE"
+
+# Extract non-existent rules from SpamAssassin lint output
+# ========
+RULES=$(spamassassin --lint -D 2>&1 | grep 'warning: score set for non-existent rule' | awk '{print $NF}' | sort | uniq)
+
+if [ -z "$RULES" ]; then
+ echo "No non-existent rules found in the lint output."
+ rm -f "$TEMP_FILE" # Clean up the temporary file
+ exit 0
+fi
+
+echo "Non-existent rules to be removed:"
+echo "$RULES"
+
+# Remove non-existent rules from the config file
+# ========
+cp "$CONFIG_FILE" "$TEMP_FILE"
+
+while read -r RULE; do
+ sed -i "/^score\s\+$RULE\b/d" "$TEMP_FILE"
+done <<< "$RULES"
+
+# Overwrite the original config
+# ========
+if mv "$TEMP_FILE" "$CONFIG_FILE"; then
+ echo "Non-existent rules removed from $CONFIG_FILE"
+else
+ echo "Error: Failed to update $CONFIG_FILE. Aborting." >&2
+ rm -f "$TEMP_FILE" # Clean up in case of failure
+ exit 1
+fi
+
+# Restart SpamAssassin to apply changes
+# ========
+echo "Restarting SpamAssassin..."
+if systemctl restart spamassassin; then
+ echo "SpamAssassin restarted successfully."
+ if ! systemctl is-active --quiet spamassassin; then
+ echo "Error: SpamAssassin is not active after restart." >&2
+ exit 1
+ fi
+else
+ echo "Error: Failed to restart SpamAssassin." >&2
+ exit 1
+fi
+
+exit 0
+
diff --git a/ssl_certificate_delete.sh b/ssl_certificate_delete.sh
new file mode 100755
index 0000000..1991685
--- /dev/null
+++ b/ssl_certificate_delete.sh
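Review bot: `mv "$TEMP_FILE" "$CONFIG_FILE"` replaces local.cf with the file made by `mktemp`, which is created with mode 0600 and the caller's ownership, so after this step the configuration may no longer be readable by the account the SpamAssassin daemon runs as. Either write the content back into the existing file with `cat "$TEMP_FILE" > "$CONFIG_FILE" && rm -f "$TEMP_FILE"`, or copy mode and owner first with `chmod --reference="$CONFIG_FILE" "$TEMP_FILE"` and `chown --reference="$CONFIG_FILE" "$TEMP_FILE"`. Each run overwrites local.cf.bak, so a second run destroys the only copy of the original; add a timestamp to the backup name. Running `spamassassin --lint` on the edited file before `systemctl restart`, and restoring the backup when it fails, keeps a bad edit from taking the filter down.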
@@ -0,0 +1,29 @@
+#!/bin/bash
+# Script Version: 01
+# Description: Removes ssl_certificate and ssl_certificate_key directives from Nginx configuration files in /etc/nginx/sites-enabled/
+
+# Directory containing Nginx site configurations
+CONFIG_DIR="/etc/nginx/sites-enabled"
+
+# Iterate over each file in the configuration directory
+for FILE in "$CONFIG_DIR"/*; do
+ # Check if the file is a regular file
+ if [ -f "$FILE" ]; then
+ # Remove lines containing ssl_certificate or ssl_certificate_key
+ sed -i '/^\s*ssl_certificate\s\+/d' "$FILE"
+ sed -i '/^\s*ssl_certificate_key\s\+/d' "$FILE"
+ fi
+done
+
+# Test Nginx configuration
+nginx -t
+
+# Check if the configuration test was successful
+if [ $? -eq 0 ]; then
+ # Reload Nginx to apply changes
+ systemctl reload nginx
+ echo "Nginx reloaded successfully."
+else
+ echo "Nginx configuration test failed. Please check the configuration files."
+fi
+
diff --git a/updateContainer.sh b/updateContainer.sh
new file mode 100755
index 0000000..e5e6af9
--- /dev/null
+++ b/updateContainer.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# List all running Linux containers
+containers=$(lxc-ls -f G RUNNING | awk '{print $1}')
+
+# Upgrade the package manager (APT) inside each container
+for container in $containers; do
+ echo $container
+ lxc-attach -n $container -- apt update
+ lxc-attach -n $container -- apt upgrade -y
+done